<?php
	session_start();

	include_once "utils.php";
	include_once "config.php";
	include_once "database/database.php";

	function get_key($key){
		$result = null;
		if (get_magic_quotes_gpc())
			$result = stripslashes($_POST[$key]);
		else
			$result = $_POST[$key];

		return $result;

		if(isset($_GET[$key])) {
			return stripslashes($_GET[$key]);
		}
		else if(isset($_POST[$key])) {
			return stripcslashes($_POST[$key]);
		}
		else
			return null;
	}

	$obj = json_decode(rawurldecode(get_key("object")));
	//var_dump($obj);
	//exit;
	$func = $obj->server_call;
	if (!is_callable($func)) die ("Unknown function request: ". $func);

	call_user_func($func, $obj);

	function can_perform_function($function_id, $obj,$abort=true) {
		$SECURITY_TASKS = array(
				  "workgroups_set_members" 				=> "employees_update"

				, "permission_groups_update" 			=> "administrators_update_permission"
				, "permission_groups_create" 			=> "administrators_update_permission"
				, "permission_groups_remove"			=> "administrators_update_permission"

				, "permission_groups_remove"			=> "administrators_update_permission"
				, "payroll_codes_defaults"				=> "payroll_codes_update"

				, "employees_import"					=> "employees_create"
				, "attendance_clock_import"				=> "attendance_clock_add"

			);
		$db = new CDatabase();

		//FIRST TRY TO GET THE KEY FROM THE DATABASE
		$sql = "SELECT id FROM security_types
				WHERE UPPER(function_name) = UPPER('".format_db_field($function_id)."')";
		$rst = $db->run_query($sql);
		if (count($rst) != 0){
			$sec = $rst[0];
		} else {
			if (!array_key_exists($function_id, $SECURITY_TASKS)){
				exit_with_response("-1", "Could not find [$function_id] in security module", "{}");
			}
			$sec = $SECURITY_TASKS[$function_id];
			$sql = "SELECT id FROM security_types
					WHERE UPPER(function_name) = UPPER('".format_db_field($sec)."')";
			$rst = $db->run_query($sql);

			if (count($rst) == 0){
				exit_with_response("-1", "Could not find [$function_id] in security module", "{}");
			}
			$sec = $rst[0];
		}
		//FIRST WE CHECK IF THE CLIENT IS NOT SUSPENDED
		$sql = "SELECT
					  clients.Suspended
					, clients.SuspendReason
				FROM administrators, clients
				WHERE clients.ID = administrators.last_client
				AND SessionID = '".$_SESSION["session_id"]."'";
		$rst = $db->run_query($sql);
		if (count($rst) == 0){
			if (true == $abort)
				exit_with_response(-1, "Failed to check if account is suspended: ".$function_id);
			else
				return false;
		}
		$rst = $rst[0];
		if ($rst["suspended"] == 1 && $function_id != "clients_read_one"){
			exit_with_response(-1, "Account has been suspended. Please call the support center. Reason: ". $rst["suspendreason"]);
		}

		//FIRST CHECK NORMALLY IF YOU CAN PERFORM THE TASK ON A USER LEVEL
		$sql = "SELECT administrator_clients.administrator
				FROM administrator_clients, security_details
				WHERE administrator_clients.client = '".$_SESSION["client"]. "'
				AND administrator_clients.administrator = '".$_SESSION["admin_id"]. "'
				AND security_details.security_role = administrator_clients.security_role_given
				AND security_details.security_type = '".$sec["id"]."'";
		$rst = $db->run_query($sql);

		if (count($rst) == 0 && $abort == true){
			exit_with_response(-1, "You are not allowed to perform this task");
		} else if (count($rst) == 0 && $abort == false){
			return false;
		}

		return true;
	}

?>
